Delve - Fake Compliance as a Service - Part I

How Delve managed to falsely convince hundreds of customers they were compliant and then lied about it when exposed and called out

DeepDelver
For those looking for help with SOC2 compliance, I had a good experience with another YC company, Vanta. That was some years ago, so not sure if anything has changed since then, but I would recommend checking them out.

I like the Vanta people just fine and think it's a fine product, but I would not recommend it to startups looking to get SOC2.

https://fly.io/blog/soc2-the-screenshots-will-continue-until...

Most startups should be doing way, way less than automation platforms like these tell them they need to do to get a SOC2 attestation.

SOC2: The Screenshots Will Continue Until Security Improves

We got SOC2 certified so now you have to pay us more.

Fly

Not every sales team can convince a big paying customer that SOC2 isn't important. Lots of B2B SaaS companies have to play the enterprise lawyer game to get big contracts.

This feels like a weird response to a comment recommending how to approach getting a SOC2, that links to a blog post about Fly.io's SOC2.

The pitch isn't "don't get a SOC2", or "convince big paying customers that SOC2 isn't important". It's "don't worry about SOC2 until a big paying customer says they'll make big payments if you get it, and when you do worry about it, don't let SOC2 compliance trick you into doing bonkers infrastructure things".